FreeBSD 2.2-4.2 NetBSD 1.2-4.5 OpenBSD 2.x - FTPd glob() Remote Buffer Overflow

FreeBSD 2.2-4.2 NetBSD 1.2-4.5 OpenBSD 2.x - FTPd glob Remote Buffer Overflow // source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of...

FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing operations, the ftp daemon...

Очень серьезная ошибка во многих (BSD) ftpd (glob expansion)

Переполнение буфера при работе с функцией glob - при разборе пути запрошенного файла...

CVE-2001-0053

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges...

CVE-2000-0994

CVE-2000-0994 describes a local, format-string vulnerability in OpenBSD’s fstat (and potentially other BSD-based systems) that allows a non-authenticated user to gain root privileges via the PWD environment variable. The root cause is a format-string flaw in fstat that mishandles the PWD value, e...

CVE-2000-0993

The CVE-2000-0993 entry describes a format-string vulnerability in the OpenBSD/libutil pw_error(3) function that, when invoked by setuid programs such as chpass, could let a local user gain superuser access. Public details indicate OpenBSD fixed the issue in 2000 within the affected libutil code,...

CVE-2000-0993

Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...

CVE-2000-0996

Format string vulnerability in OpenBSD su program and possibly other BSD-based operating systems allows local attackers to gain root privileges via a malformed shell...

CVE-2000-0995

Format string vulnerability in OpenBSD yppasswd program and possibly other BSD-based operating systems allows attackers to gain root privileges a malformed name...

BSD chpass - pw_error(3) Local Privilege Escalation

BSD chpass - pwerror3 Local Privilege Escalation / TESO BSD chpass exploit - caddis greets: !teso, !w00w00, hert!, ozsecurity, plus613 / include char bsdshellcode = "\xeb\x16\x5e\x31\xc0\x8d\x0e\x89" "\x4e\x08\x89\x46\x0c\x8d\x4e\x08" "\x50\x51\x56\x50\xb0\x3b\xcd\x80"...

BSD chpass (pw_error(3)) Local Root Exploit

Exploit for bsd platform in category local exploits =========================================== BSD chpass pwerror3 Local Root Exploit =========================================== / TESO BSD chpass exploit - caddis greets: !teso, !w00w00, hert!, ozsecurity, plus613 / include char bsdshellcode =...

BSD chpass - 'pw_error(3)' Local Privilege Escalation

/ TESO BSD chpass exploit - caddis greets: !teso, !w00w00, hert!, ozsecurity, plus613 / include char bsdshellcode = "\xeb\x16\x5e\x31\xc0\x8d\x0e\x89" "\x4e\x08\x89\x46\x0c\x8d\x4e\x08" "\x50\x51\x56\x50\xb0\x3b\xcd\x80" "\xe8\xe5\xff\xff\xff/bin/sh"; char ptmpshellcode =...

CVE-2000-1103

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line...

Возможная проблема в BSD traceroute

Переполнение кучи при очень большой длине адреса вызываемого хоста...

Третий раз дырка в procfs в *BSD

Третий раз с 1997 года заткнута одна и таже дырка в procfs в BSD через нее, в сочетании с удаленной дыркой, был последний раз был поломан сервер http://www.freebsd.org...

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Overview There is a off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...

CVE-2000-1103

CVE-2000-1103 affects BSD 3.0/4.0; the rcvtty program does not drop privileges before executing a script, enabling local privilege escalation by supplying an alternate Trojan horse script on the command line. CVSS base score 7.2 (HIGH) from NVD indicates complete impact to confidentiality, integr...

CVE-2000-1103

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line...

CVE-2000-0993

Format string vulnerability in pwerror function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd...

CVE-2000-0995

Format string vulnerability in OpenBSD yppasswd program and possibly other BSD-based operating systems allows attackers to gain root privileges a malformed name...